package com.base.springboot.starter.mybatisplus.service;

import lombok.extern.slf4j.Slf4j;

import java.util.regex.Pattern;

/**
 * @Author：zhangqiang
 * @Date 2020/6/8 19:29
 */
@Slf4j
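public class CheckSqlInjectionUtil {
    /**
     * Deny-list expression used to flag text that looks like SQL.
     *
     * <p>It matches any single quote, a {@code --} line-comment marker, a C-style block
     * comment, or one of the listed SQL keywords as a whole word (case-insensitive).
     *
     * <p>Security note: this is a heuristic filter, not a guarantee. Perfectly ordinary
     * values are rejected (any apostrophe, or the standalone words "and", "or", "count"),
     * and SQL that uses none of these tokens passes. Bound parameters (MyBatis
     * {@code #{}} placeholders) remain the primary defence; treat this check as defence
     * in depth for fragments that cannot be bound.
     */
    private static final String SQL_REG = "(?:')|(?:--)|"
            // (?s:.*?) lets '.' span every line terminator and is matched iteratively; a
            // quantified alternation group such as (?:.|[\n\r])*? recurses once per
            // character in java.util.regex and can overflow the stack on a long comment body.
            + "(/\\*(?s:.*?)\\*/)|"
            // "truncate" was previously misspelled, so TRUNCATE statements were not flagged.
            + "(\\b(select|update|and|or|delete|insert|truncate|char|into|substr|"
            + "ascii|declare|exec|count|master|drop|execute)\\b)";

    /** Compiled once; {@link Pattern} instances are immutable and safe to share. */
    private static final Pattern SQL_PATTERN = Pattern.compile(SQL_REG, Pattern.CASE_INSENSITIVE);

    private CheckSqlInjectionUtil() {
        throw new IllegalStateException("Utility class");
    }

    /**
     * Checks a single value for SQL-injection indicators.
     *
     * @param str the value to inspect; {@code null} carries no text and is treated as clean
     * @return {@code true} if no deny-listed token is found, {@code false} otherwise
     */
    public static boolean validate(String str) {
        if (str == null) {
            return true;
        }
        return !SQL_PATTERN.matcher(str).find();
    }

    /**
     * Checks every value in an array for SQL-injection indicators.
     *
     * @param strs the values to inspect; a {@code null} array or {@code null} elements
     *             are treated as clean
     * @return {@code true} only if none of the values contains a deny-listed token
     */
    public static boolean validate(String[] strs) {
        if (strs == null) {
            return true;
        }
        for (String candidate : strs) {
            // Delegate so both overloads always apply exactly the same rule.
            if (!validate(candidate)) {
                return false;
            }
        }
        return true;
    }
}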